Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 3, 2021, 9:10 a.m. | July 3, 2021, 9:13 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
d2js2viceajwla.cloudfront.net | AAAA 2600:9000:2139:d200:11:6feb:6f80:93a1; AAAA 2600:9000:2139:3200:11:6feb:6f80:93a1; AAAA 2600:9000:2139:5e00:11:6feb:6f80:93a1; AAAA 2600:9000:2139:be00:11:6feb:6f80:93a1; AAAA 2600:9000:2139:2200:11:6feb:6f80:93a1; AAAA 2600:9000:2139:ea00:11:6feb:6f80:93a1; AAAA 2600:9000:2139:4e00:11:6feb:6f80:93a1; AAAA 2600:9000:2139:6600:11:6feb:6f80:93a1 | 99.86.202.125 |
aus5.mozilla.org | 35.244.181.201 | |
ripzi.getenjoyment.net | 185.176.43.98 | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
d2js2viceajwla.cloudfront.net | 99.86.202.125 | |
aus.thunderbird.net | 99.86.202.75 | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49332 35.244.181.201:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=Mountain View, O=Mozilla Corporation, CN=aus5.mozilla.org | 37:1a:8a:6e:ae:e7:b7:ae:1f:a9:c0:87:53:e5:a0:94:ef:0b:de:0c |
TLS 1.2 192.168.56.102:49331 99.86.202.23:443 | C=US, O=Let's Encrypt, CN=R3 | CN=thunderbird.net | dd:92:a0:f3:c5:f2:3a:c7:42:66:30:75:8a:b3:b3:03:6b:8c:df:9d |
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://ripzi.getenjoyment.net/le/post.php |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://ripzi.getenjoyment.net/le/eh.down |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://ripzi.getenjoyment.net/le/del.php?filename=eh |
request | POST http://ripzi.getenjoyment.net/le/post.php |
request | GET http://ripzi.getenjoyment.net/le/eh.down |
request | GET http://ripzi.getenjoyment.net/le/del.php?filename=eh |
request | POST http://ripzi.getenjoyment.net/le/post.php |
host | 99.86.144.100 |
host | 99.86.144.46 |
host | 99.86.144.61 |
host | 99.86.144.82 |
dead_host | 99.86.202.125:443 |